Analysis
- max time kernel: 47s
- max time network: 140s
- platform: android_x64
- resource: android-x64-arm64-20240514-en
- resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240514-en, locale:en-us, os:android-11-x64, system
- submitted: 02-06-2024 02:52
Static task: static1
Behavioral task: behavioral1
- Sample: 8caa3427932ea23a8dd107152dccc910_JaffaCakes118.apk
- Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
- Sample: 8caa3427932ea23a8dd107152dccc910_JaffaCakes118.apk
- Resource: android-x64-arm64-20240514-en
General
- Target: 8caa3427932ea23a8dd107152dccc910_JaffaCakes118.apk
- Size: 3.6MB
- MD5: 8caa3427932ea23a8dd107152dccc910
- SHA1: ebcdc641284da1864ca37a8aa7fd07cce2ac65ba
- SHA256: 3a12f0528a4379b52b6cb07832c1d577d58b2f9559e6844775579cac7c0d9a8d
- SHA512: 10bee6e12c88973f9569ebe4e4133218a4ae430c36361d00c20ceefeec7d54b9b1a3cb029a37483ccdebaa55d77ac1c76f5ad1b83ff192feb29cd09a77190111
- SSDEEP: 98304:GccnaVv95Utqy/+7gg688dLW4g2SRQwzof8m7p:GccaVv4z/+7U88tW4uQw684p
Malware Config
Signatures
Checks if the Android device is rooted. 1 TTPs 1 IoCs
Processes: com.kingkr.kxegohs
- ioc: /system/app/Superuser.apk; process: com.kingkr.kxegohs
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information that indicates whether the system is an emulator.
Processes: com.kingkr.kxegohs
- description: File opened for read; ioc: /proc/cpuinfo; process: com.kingkr.kxegohs
Checks memory information 2 TTPs 1 IoCs
Checks memory information that indicates whether the system is an emulator.
Processes: com.kingkr.kxegohs
- description: File opened for read; ioc: /proc/meminfo; process: com.kingkr.kxegohs
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Processes: com.kingkr.kxegohs
- description: Framework service call; ioc: android.content.IClipboard.addPrimaryClipChangedListener; process: com.kingkr.kxegohs
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes: com.kingkr.kxegohs
- description: Framework service call; ioc: android.net.wifi.IWifiManager.getConnectionInfo; process: com.kingkr.kxegohs
Queries the phone number (MSISDN for GSM devices) 1 TTPs
Checks if the internet connection is available 1 TTPs 1 IoCs
Processes: com.kingkr.kxegohs
- description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; process: com.kingkr.kxegohs
Requests cell location 1 TTPs 1 IoCs
Uses Android APIs to get current cell information.
Processes: com.kingkr.kxegohs
- description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getAllCellInfo; process: com.kingkr.kxegohs
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes: com.kingkr.kxegohs
- description: Framework API call; ioc: javax.crypto.Cipher.doFinal; process: com.kingkr.kxegohs
Processes
com.kingkr.kxegohs (PID: 4666)
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Requests cell location
- Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
Downloads